Add basic project structure

.ansible-lint

@@ -1,11 +1,27 @@
 ---
 skip_list:
-  - 'risky-shell-pipe'
-  - 'role-name'
-  - 'name[template]'
+  - meta-no-info
+  - var-naming[no-role-prefix]
 
 warn_list:
   - package-latest
   - unnamed-task
-  - command-instead-of-shell
-  - no-handler
+
+exclude_paths:
+  - group_vars/secrets.*
+  - roles/dehydrated
+  - roles/mailhog
+  - roles/postgresql
+  - roles/mail
+  - roles/mariadb
+  - roles/nginx
+  - roles/elasticsearch
+  - roles/oauth2_proxy
+  - roles/php
+  - roles/redis
+  - roles/supervisord
+  - roles/system
+  - roles/apache
+  - roles/solr
+  - roles/varnish
+  - roles/docker

.editorconfig

@@ -0,0 +1,14 @@
+# EditorConfig: http://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# 2 space indentation for YAML
+[{*.yml,*.yaml}]
+indent_style = space
+indent_size = 2

.envrc

@@ -0,0 +1,24 @@
+#!/bin/sh
+if [ -n "$$DIRENV_DIFF" ]; then
+  # Do not `set -e` unless we're being run from direnv
+  set -e 
+fi
+
+if [ ! -f .venv/bin/activate ]
+then
+	echo "Creating a virtual Python environment"
+	python3 -m venv .venv >/dev/null
+fi
+
+if [ -f .venv/bin/activate ]
+then
+	echo "Activating the Python virtual environment"
+	. .venv/bin/activate
+fi
+
+if [ -f .venv/bin/pip3 ]
+then
+	echo "Installing Python requirements"
+	.venv/bin/pip3 install --upgrade pip 1> /dev/null
+	.venv/bin/pip3 install -r requirements.txt 1> /dev/null
+fi

.github/workflows/test.yml

@@ -0,0 +1,43 @@
+---
+name: Test
+run-name: Run molecule tests on the role
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install dependencies.
+        run: pip install -r requirements.txt
+
+      - name: Run ansible-lint
+        run: "ansible-lint"
+
+  molecule:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: '3.x'
+
+      - name: Install dependencies.
+        run: |
+          pip install -r requirements.txt  
+          ansible-galaxy install -r requirements.yml
+
+      - name: Run molecule
+        run: molecule test

.gitignore

@@ -0,0 +1,14 @@
+.DS_Store
+*.pyc
+__pycache__
+.idea
+.vscode
+/*.retry
+/.fact_cache
+/venv/
+debug.log
+id_ed25519*
+/venv*/
+.collections
+roles
+.venv

.pre-commit-config.yaml

@@ -1,6 +1,7 @@
 ---
 repos:
   - repo: https://github.com/ansible/ansible-lint.git
-    rev: v6.17.2
+    rev: v24.6.1
     hooks:
       - id: ansible-lint
+        files: \.(yaml|yml)$

.yamllint

@@ -1,33 +1,15 @@
 ---
-# Based on ansible-lint config
 extends: default
 
 rules:
+  line-length: disable
+  truthy:
+    allowed-values: ['true', 'false', 'yes', 'no']
+  comments:
+    min-spaces-from-content: 1
   braces:
+    min-spaces-inside: 0
     max-spaces-inside: 1
-    level: error
-  brackets:
-    max-spaces-inside: 1
-    level: error
-  colons:
-    max-spaces-after: -1
-    level: error
-  commas:
-    max-spaces-after: -1
-    level: error
-  comments: disable
-  comments-indentation: disable
-  document-start: disable
-  empty-lines:
-    max: 3
-    level: error
-  hyphens:
-    level: error
-  indentation: disable
-  key-duplicates: enable
-  line-length: disable
-  new-line-at-end-of-file: disable
-  new-lines:
-    type: unix
-  trailing-spaces: disable
-  truthy: disable
+
+ignore: |
+  .cache

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 punkt.de GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

ansible.cfg

@@ -0,0 +1,6 @@
+[defaults]
+roles_path = ./roles
+collections_path = ./.collections
+
+[ssh_connection]
+pipelining = true

defaults/main.yaml

@@ -2,12 +2,12 @@
 solr:
   domain:
   prefix:
-    bin: /var/solr
-    var: /var/db/solr
-  version: 9.2.0
+    bin: /var/opt/solr/solr
+    home: /var/opt/solr/home
+  version: 9.7.0
   tika:
     prefix:
       bin: /var/opt/tika
-    version: 2.8.0
+    version: 3.0.0
   synced_config:
   oauth2_proxy:

handlers/main.yaml

@@ -1,14 +1,18 @@
 ---
 - name: Start Solr
-  ansible.builtin.service:
-    name: solr
-    state: started
+  ansible.builtin.shell:
+    cmd: |
+      set -e -u -o pipefail
+      supervisorctl update solr
+      supervisorctl start solr
   register: solr_service_result
 
 - name: Restart Solr
-  ansible.builtin.service:
-    name: solr
-    state: restarted
+  ansible.builtin.shell:
+    cmd: |
+      set -e -u -o pipefail
+      supervisorctl update solr
+      supervisorctl restart solr
   when: not (solr_service_result is defined and solr_service_result.changed)
 
 - name: Start Tika

inventory.ini

@@ -0,0 +1,30 @@
+[app_prd]
+vpro0000.proserver.punkt.de ansible_user=vpro0000
+
+[app_stg]
+vpro0000.proserver.punkt.de ansible_user=vpro0000
+
+[app]
+[app:children]
+app_stg
+app_prd
+
+[production]
+[production:children]
+app_prd
+
+[staging]
+[staging:children]
+app_stg
+
+[mailhog]
+[mailhog:children]
+app_stg
+
+[secrets]
+[secrets:children]
+app
+
+[mariadb]
+[mariadb:children]
+app

inventory.py

@@ -0,0 +1,54 @@
+#!/usr/bin/env python3
+import json
+import yaml
+import requests
+from typing import List
+
+
+class Inventory:
+    inventory_url = None
+    vars = None
+
+    def __init__(self, inventory_url='https://inventory.punkt.app'):
+        self.inventory_url = inventory_url
+        self._load_vars()
+        self._load_public_keys()
+
+    def _load_vars(self) -> None:
+        with requests.get(f'{self.inventory_url}/defaults/main.yaml', stream=True, timeout=30) as response:
+            self.vars = yaml.safe_load(response.content)
+
+    def _load_public_keys(self) -> None:
+        for user, user_info in self.vars['punktde']['people'].items():
+            user_info['public_keys'] = self._get_public_keys(user, user_info['email'])
+
+    def _get_public_keys(self, user: str, email: str) -> List:
+        response = requests.get(f'{self.inventory_url}/files/public_keys/{user}.pub', timeout=30)
+        if response.status_code != 200:
+            return []
+
+        public_keys = []
+        for public_key in response.content.decode().splitlines():
+            public_key = public_key.strip()
+            if not public_key or public_key.startswith('#'):
+                continue
+            public_key = public_key.split(' ', 2)
+            public_key = f'{public_key[0]} {public_key[1]} {email}'
+            public_keys.append(public_key)
+            break
+
+        return public_keys
+
+    def inventory(self):
+        return {
+            'all': {
+                'vars': self.vars,
+            }
+        }
+
+    def __str__(self) -> str:
+        return json.dumps(self.inventory())
+
+
+if __name__ == '__main__':
+    print(str(Inventory()))

molecule/.molecule.yml.tmp

@@ -0,0 +1,27 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: geerlingguy/docker-ubuntu2204-ansible
+    command: /lib/systemd/systemd
+    pre_build_image: true
+    privileged: true
+    cgroupns_mode: host
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+provisioner:
+  name: ansible
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}
+verifier:
+  name: ansible
+scenario:
+  name: default
+  test_sequence:
+    - destroy
+    - create
+    - converge
+    - verify

molecule/.verify.yml.tmp

@@ -0,0 +1,8 @@
+---
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Example assertion
+      ansible.builtin.assert:
+        that: true

molecule/converge.yml

@@ -0,0 +1,9 @@
+---
+- name: Converge
+  hosts: all
+  environment:
+    GITHUB_ACTIONS: "maybe"
+  tasks:
+    - name: "Include {{ role_name }}"
+      ansible.builtin.include_role:
+        name: "{{ role_name }}"